E-commerce websites targeted by new threat

Early this year, security company RiskIQ identified a new threat, Magecart, which has already affected numerous e-commerce websites, including publishing house Faber and Faber, and clothing brands Everlast Worldwide Inc., GUESS Australia and Rebecca Minkoff.

How Magecart works

According to RiskIQ, the malicious JavaScript code acts as a form grabber, allowing cyber criminals to track down payment card information. Although similar to other compromises, Magecart stands out from the crowd with a few unique features:

It affects multiple e-commerce platforms. So far, it has impacted websites hosted on Magento Commerce, Powerfront CMS and OpenCart.

It affects multiple payment service providers, including BrainTree and VeriSign.

It sends stolen data to remote attacker-operated sites over HTTPS.

It inserts bogus form fields into payment forms to grab additional data.

Don’t get caught unprepared

With the festive season coming, e-commerce site owners cannot afford to be unprepared. Imagine the loss of revenue, customers and reputation you’d suffer if your website was hacked, not to mention the fines you’d be charged with because of the data breach. Making sure your website is vulnerability-free is almost certain to cost you less.

Find your website’s vulnerabilities before cyber criminals do with a Web Application Penetration Test. This consultant-driven penetration test is designed to identify potential vulnerabilities in your websites and web applications, and provide recommendations for improving your security posture, facilitating your compliance with the PCI DSS and ISO 27001.